How to Disable External Sharing in SharePoint Online?

Requirement: Disable external sharing in SharePoint Online using PowerShell.

How to Disable External Sharing in SharePoint Online?
External sharing in SharePoint Online is a feature that enables users to share documents and content outside the organization with people who are not members of your organization, such as vendors, customers, consultants, etc. However, many organizations don't want to open sharing because of security reasons! External sharing settings can be controlled at two levels: Tenant-wide and at site collection levels.

To turn off external Sharing in SharePoint Online at the tenant level, follow these steps:

• Login to SharePoint Online Admin Center as a global admin or SharePoint Online administrator.
• From the left navigation, Expand "Policies" and click on "Sharing".
• Change the Sharing Settings for SharePoint Online to "Only people in your organization" to disable external sharing. 
  
• Click on the "Save" button at the bottom to save your changes. This sets only members of the tenant can receive sharing invitations.

OneDrive for Business site's External sharing settings depends on the SharePoint's Sharing settings! You cannot set OneDrive settings that are more permissive than the SharePoint Online tenant settings. (In other words, OneDrive for Business Sharing settings can be more restrictive than SharePoint Online's Sharing settings).

If you are using classic admin center, To turn off external sharing:

• Under "Sharing outside your organization" section, set the sharing option to "Don't allow sharing outside your organization".
• Click on "OK" button at the bottom to save your changes.
  

This prevents all users on all sites from sharing sites or sharing content on sites with external users.

Disable External Sharing in SharePoint Online using PowerShell:
We wanted to disable external sharing completely for the organization.

#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
 
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
 
#Disable external sharing for the tenant
Set-SPOTenant -SharingCapability Disabled 

Disable External Sharing at Site Collection Level:
You can disable external sharing at each individual SharePoint Online site collection as well. To disable external sharing at site collection level using SharePoint Online admin center, follow these steps:

• Go to SharePoint Online Admin Center >> Select the desired Site collection from the list
• Click on "Sharing" button >> Set the sharing settings to "Only people in current organization". Click on "Save" to commit your changes.
  

Disable External Sharing in SharePoint Online Site Collection using PowerShell
You can use PowerShell to further restrict sharing settings on individual SharePoint sites.

#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
$SiteURL="https://crescent.sharepoint.com/sites/operations"

#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)

#Disable external sharing
Set-SPOSite $SiteURL –SharingCapability "Disabled"

You can verify this in your SharePoint Online admin center as shown in the image above. To get the list of sites where sharing capability is disabled:

Get-SPOSite | Where {$_. SharingCapability -eq "Disabled"}

If you disable external sharing at site collection level, all existing external users will not be able to access the content inside the selected site collections. You have to re-invite them again. If you want to temporarily disable external user access, turn off external sharing at tenant level from the SharePoint Online Admin Center!

To enable external sharing in SharePoint Online, refer: How to Enable External Sharing in SharePoint Online using PowerShell?